Hello,

I asked a similar question last month regarding the ability to read SMBreadX requests. My problem was that I did not have Ethereal properly configured to dissect the trace. It is likely that I'm having a similar problem here.

Please look at the attached trace. I am attempting to dissect the DCE payload in frame 5. However, it is encapsulated in a WriteAndX request as the "file data". Is there any way to get Ethereal to interpret the "file data" field as DCE/RPC?

I have enabled the following options to no success:

    DCERPC - Desegment all DCE/RPC over TCP
    DCERPC - Reassemble DCE/RPC fragments
    NBSS - Desegment all NBSS packets spanning multiple TCP segments
    NetBIOS - Defragment all NetBIOS messages spanning multiple frames
    SMB - Reassemble SMB Transaction Payload
    SMB - Reassemble DCERPC over SMB
    TCP - Allow subdissector to desegment TCP streams

I suspect I'm probably doing something wrong, and feel rather stupid asking a very similar question as a month earlier. Any advice that can be offered would be greatly appreciated.

Thanks in advance,

Devin Heitmueller
Senior Software Engineer
Netilla Networks Inc
Attachment:
nt42n2000passchange2.eth
Description: Binary data